#!/usr/bin/env node

/*
 * gencsr - generate keypair and CSR, then save them to files.
 *
 * Copyright (c) 2016 Kenji Urushima (kenji.urushima@gmail.com)
 *
 * This software is licensed under the terms of the MIT License.
 * https://kjur.github.io/jsrsasign/license
 *
 * The above copyright and license notice shall be 
 * included in all copies or substantial portions of the Software.
 * 
 * Please use '-h' option for this script usage.
 * ---------------------------------------------------------
 * DESCRIPTION
 *   This script generates RSA and EC public key pair and
 *   CSR(Certificate Signing Request), then save them as:
 *   - PKCS#8 PEM public key file
 *   - PKCS#8 PEM encrypted private key file
 *   - PEM CSR file
 *
 * USAGE
 *   Genearte yyy.{pub,prv,csr} by default 
 *   (RSA 2048 with password "passwd" and CSR for /C=US/O=TEST)
 *   % gencsr yyy
 *   RSA 1024 with password "secret" and CSR for /C=US/O=T1/CN=mydomain.com
 *   % gencsr -s 1024 -p secret -d /C=US/O=T1/CN=mydomain.com yyy
 *   EC curve secp256k1
 *   % gencsr -a EC -c secp256k1 yyy
 */

var program = require('commander');
var rs = require('jsrsasign');
var rsu = require('jsrsasign-util');
var path = require('path');

program
  .version('1.0.2 (2016-Sep-11)')
  .description('generate keypair and CSR, then save them to FILEHEAD.{pub,prv,csr}')
  .usage('[options] [file head]')
  .option('-a, --keyalg <RSA|EC>', 'public key algorithm. default=RSA', "RSA")
  .option('-s, --size <key size>', 'RSA key size. default=2048', "2048")
  .option('-c, --curve <curve name>', 'EC curve name. default=secp256r1', 'secp256r1')
  .option('-d, --dn <DN name>', 'subject DN for CSR. default=/C=US/O=TEST', '/C=US/O=TEST')
  .option('-p, --pass <password>', 'password for PKCS#8 private key. default=passwd', 'passwd')
  .parse(process.argv);

//console.log("program.args.length=" + program.args.length);

if (program.args.length !== 1)
  throw "wrong number of args"

var head = program.args[0];
var dn = program.dn;
var keyalg = program.keyalg;
var keyopt, sigalg;
if (program.keyalg === "RSA") {
   keyopt = parseInt(program.size);
   sigalg = "SHA256withRSA";
} else {
   keyopt = program.curve;
   sigalg = "SHA256withECDSA";
}
var pass = program.pass;

var pubFile = head + ".pub";
var prvFile = head + ".prv";
var csrFile = head + ".csr";

console.log("generating keypair...");
var kp = rs.KEYUTIL.generateKeypair(keyalg, keyopt);
console.log("done.");
var prvKey = kp.prvKeyObj;
var pubKey = kp.pubKeyObj;

var csr = rs.asn1.csr.CSRUtil.newCSRPEM({
    subject: {str: dn},
    sbjpubkey: pubKey,
    sigalg: sigalg,
    sbjprvkey: prvKey
});

rsu.saveFile(pubFile, rs.KEYUTIL.getPEM(pubKey));
rsu.saveFile(prvFile, rs.KEYUTIL.getPEM(prvKey, "PKCS8PRV", pass));
rsu.saveFile(csrFile, csr);
console.log("all save done.");


